Hi folks,
I've installed a HF on a SCOM server to collect SCOM logs to Splunk. On the HF I've installed the [Splunk Add-on for Microsoft System Center Operations Manager][1] to collect logs using scheduled PowerShell scripts. The logs are indeed collected, but not on the interval I expected. One of my collection stanzas with the name "Events" uses the default quartz cron settings, which is `0 0 * ? * *`. This should mean the the logs are collected every hour, but they are not, they are collected every midnight instead.
The add-on GUI on the HF for the collection stanza says `0 0 * ? * *`, as well as the setting `schedule` in stanza `[powershell://_Splunk_TA_micosoft_scominternal_used_Events]` in `inputs.conf`, as well as the setting `interval` in stanza `[Events]` in `microsoft_scom_task.conf`. Yet the logs are only collected every midnight.
Anyone got an idea on why this is, or how I could go forward in troubleshooting this?
[1]: https://splunkbase.splunk.com/app/2729/
↧